Re: applying AES-GCM to secure shell: proposed "tweak"

To: ietf-ssh%NetBSD.org@localhost
Subject: Re: applying AES-GCM to secure shell: proposed "tweak"
From: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Thu, 9 Apr 2009 10:38:04 -0400 (EDT)

> A post-KEX OPTION packet could work* [...]

> * except that it won't - OpenSSH just had to switch off a few channel
> and global extensions for all but other OpenSSH peers because some
> other implementations will disconnect as soon as they see an
> extension message that they do not recognise.

OpenSSH didn't _have_ to.  It _chose_ to.  Broken implementations are
broken; if they can't be bothered to correctly respond to well-defined
and conformant protocol they don't happen to implement, that's their
problem.  If OpenSSH really wants to bend over backwards to avoid
showing up bugs in buggy implementations, surely the right way to do it
is by detecting the buggy ones and working around them, rather than
assuming everyone but themselves is buggy.

If I create and release an implementation that ungracefully disconnects
when offered anything but 3des-cbc as a cipher, will they then stop
offering everything else unless talking to themselves?  One that
crashes when offered a username containing a 'q', will they then reject
attempts to use such usernames?  They're basically the same thing, just
a little (first one) or a lot (second one) more extreme.  You can't
paper over everyone else's bugs, and trying only encourages the bugs to
persist.

> So we really are quite constrained in how we can practically extend
> the protocol.

Only if you really do believe in breaking interoperability with
non-broken implementations for the sake of interoperability with broken
implementations.  I don't.

I ran into an implementation apparently too broken to handle some one
of the extensions moussh uses (I don't know which extension - it was
the embedded ssh server on a switch, and the tradeoffs were wrong for
trying to probe the envelope of the bug).  But what I did was to
suppress all use of DNS-based extension names when given a command-line
flag saying to do so, not to do so by default!

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Peter Gutmann
- Re: applying AES-GCM to secure shell: proposed "tweak"
  - From: Damien Miller

Prev by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Date: Re: applying AES-GCM to secure shell: proposed "tweak"
Previous by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Next by Thread: Re: applying AES-GCM to secure shell: proposed "tweak"
Indexes:

Home | Main Index | Thread Index | Old Index